June 7, 2018 at 03:41PM
via WIRED
The bug, which reportedly occurred while Facebook was testing a new feature, went live on May 18. Facebook told CNN, which first reported the issue, that it began rolling out a fix on May 22 that changed every post made by affected users to private, even if those users had intended to share it publicly. The bug was fully corrected by May 27.
Typically, if you share something to Facebook, the privacy settings of that post default to the last ones you used. For example, if you share a photo and set it only to be seen by your friends, then the next time you post something, Facebook will assume you want to share it with the same audience. Those affected by the bug had their default setting changed instead to "public." That could be potentially harmful if you shared sensitive information, like an address or phone number, assuming only friends could see it. Likewise, Facebook also allows you to exclude specific friends, like an ex-partner, from seeing your posts. If this glitch affected you, those people could have seen your posts.
Starting Thursday, affected users will see a message from Facebook encouraging them to "Please Review Your Posts" as well as a link to a list of what they may have shared during the glitch. Facebook said that users were able to manually change the share settings of their posts throughout the bug's duration. That means if you noticed that a post had inadvertently been shared publicly, you could have changed the audience.
The incident is a good reminder to check who can see your Facebook posts. To do so on desktop, go to Settings, then click on Privacy. The first option under Your Activity is Who can see your future posts? There, you can limit who can see your next status update or cute dog photo.
If users can't guarantee who might see their posts, it's possible they may be more reluctant to participate.
Facebook told TechCrunch that the glitch happened while testing a new "featured items" option on your profile that lets you highlight photos and other content. Featured items are meant to be public, but Facebook accidentally extended that setting to all users' posts. While Facebook appears to have caught and corrected the bug quickly, and has been transparent in notifying users, it directly impacts the security of the content that users share with Facebook.
“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time," Erin Egan, Facebook's chief privacy officer, said in a statement. "To be clear, this bug did not impact anything people had posted before—and they could still choose their audience just as they always have. We’d like to apologize for this mistake."
The glitch follows a number of separate privacy issues the social network is facing, like concerns raised earlier this week about its data-sharing relationships with dozens of device manufacturers, including several Chinese companies. Facebook also faced backlash for months from users, lawmakers, journalists, and privacy groups for allowing Cambridge Analytica, a Trump-linked data firm, to siphon off information belonging to up to 87 million users. Facebook CEO Mark Zuckerberg also faced criticism in April after TechCrunch revealed that he and other top executives were able to delete their old sent messages on Messenger, a feature not available to normal users.
This is also not the only strictly security problem Facebook has had to confront lately. Also in April, Princeton researchers documented how Facebook's "Login With Facebook" feature can be exploited to collect information that users aren't aware they're providing.
Facebook relies on its over 2 billion monthly active users to share photos, videos, status updates, and other content every day. Without their contributions, the company has little to incentivize people to keep scrolling and spending time on the platform. If users can't guarantee not only what happens to their data but who might see their posts, it's possible they may be more reluctant to participate.
This latest lapse also feels in many ways more concrete than the Cambridge Analytica scandal and others that have rocked Facebook recently. Psychographic targeting is nebulous stuff, but everyone knows how it feels to inadvertently share something to the wrong audience online.
More Great WIRED Stories
- How San Quentin inmates built a search engine for prison
- Meet the Apple programmer who got apps talking to each other
- Airbus' H160 helicopter helps save pilots from their own mistakes
- 187 things the blockchain is supposed to fix
- PHOTO ESSAY: These glamour shots show a whole new side of spiders
- Get even more of our inside scoops with our weekly Backchannel newsletter
UPDATED: June 7, 2018, 5:43 PM EST: This story has been updated with comment from Facebook.